NEW ATM MALWARE DISCOVERED
In a recent blog, Trend Micro announced the discovery of a new family of ATM malware, dubbed Alice. According
to the blog, the malware cannot be controlled via the numeric pad of ATMs, nor does it have information stealing
features – it is meant solely to empty ATMs’ safes. Once downloaded, the malware checks for registry keys
associated with a legitimate Extensions for Financial Services environment to ensure it’s running on an ATM.
Alice then connects to the CurrencyDispenser1 peripheral, which is the default name for the dispenser device in
the XFS environment. When the correct PIN code is entered, Alice will open the “operator panel” – a screen
showing the various cassettes with money loaded inside the machine, which the attackers can then retrieve often
through the use of money mules.
The discovery is a result of a joint research effort with Europol’s European Crime Center. Researchers say that
malware writers have increasingly targeted ATM platforms over the past two to three years due to the high
monetary value they represent. See the blog for more information including technical details and indicators of
UPDATED: ADDITIONAL DATES AND INFORMATION
FOR DHS I&A CORPORATE SECURITY SYMPOSIA
The DHS Office of Intelligence and Analysis Private Sector Outreach Program will host a Corporate Security
Symposia – a series of regional conferences held around the country to inform public and private sector
audiences and to generate discussion regarding challenging cross-sector issues. Dates and locations announced
for Q1 2017 are as follows:
Friday, February 10: Atlanta. The Atlanta Corporate Security Symposium is jointly facilitated by the
U.S. Department of Homeland Security, Office of Intelligence and Analysis and the Federal Bureau of
Investigation’s Domestic Security Alliance Council; and is sponsored by Equifax. Topics to be addressed
include: partnering to combat the evolving threat environment; public health preparedness; threats to
critical infrastructure; cyber threats, mitigation and response; insider threats; theft of intellectual property;
and international threats.
Wednesday. March 8: Minneapolis. The Minneapolis Corporate Security Symposium is jointly
facilitated by the U.S. Department of Homeland Security, Office of Intelligence and Analysis and the
Federal Bureau of Investigation’s Domestic Security Alliance Council; and is sponsored by Target. Topics
to be addressed include: partnering to combat the evolving threat environment; private sector use of
intelligence and analytics; St. Cloud Mall incident: Overview, Response, and Lessons Learned; domestic
terrorism; and workplace violence.
Wednesday, March 22: Charlotte, NC
NEW: Tuesday, June 6: Mountain View, CA
There is no cost to attend; however, pre-registration is mandatory and walk-ins will not be admitted. Please click
on the links above for more information and to register. Information for the Charlotte and Mountain View events
will be provided when it is available.
DEADLINE REMINDERS: TORNADO VIRTUAL TABLETOP EXERCISE
FEMA’s Emergency Management Institute Virtual Tabletop Exercise program will offer six sessions of a tornado
scenario on February 21, 22, 23 and March 7, 8, and 9 from 12-4 p.m. ET. Content is the same each day, and
participants would attend only one session in February or March and the application deadlines for these
exercises are January 11 and 25 respectively.
The VTTX involves key personnel discussing simulated scenarios in an informal setting and can be used to
assess plans, policies, training, and procedures. The design of the VTTX is for a group of ten or more